ofry-fasatpi-auth-cognito


Name: ofry-fasatpi-auth-cognito
Version: 0.0.4
Summary: User management authentication
Upload time: 2023-01-20 17:18:21
Author: Ofry Makdasy
Keywords: python, first package, fastapi, cognito, jwt
Requirements: No requirements were recorded.

# Basic User Management Project


This package is a ready-to-use user authentication and authorization management system built on FastAPI, PostgreSQL, and AWS Cognito JWT-based authentication.
> ## Install Package

```
pip install ofry-fasatpi-auth-cognito
```
```
pip install "git+https://github.com/tech1919/fastapi-auth-cognito.git"
```


> ## Configure Environment

Configure `.env` file:
```
USERS_DATABASE_URL=postgres://username:password@host:port/database_name
COGNITO_REGION=
COGNITO_POOL_ID=
```

> ## Add the auth router to the FastAPI app

import:
```python
from auth.router import auth_router
from fastapi import FastAPI
```

define the app:
```python
app = FastAPI(
    title = "API's name"
)
```

include the auth router:
```python
app.include_router(router = auth_router , prefix="/auth")
```

This router comes with a built-in auth configuration for every route.

> ## Add authentication dependency

import:
```python
from auth.permission import PermissionCheck
```

add authentication and permission check to a route:
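```python
from fastapi import APIRouter, Depends

router = APIRouter()

@router.get(
    "/secure",
    description="this route is an example for a secure route",
    dependencies=[Depends(PermissionCheck(statements=["resource:action"]))],
)
async def secure() -> dict:
    # Reached only if PermissionCheck accepted the request's JWT and permissions.
    return {"message": "You have access"}
```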

another way of adding authentication and permission dependency to a group of routes:
```python
# example: `users` is a module in your own app that exposes an APIRouter
app.include_router(
    router=users.router,
    prefix="/users",
    dependencies=[Depends(PermissionCheck(statements=["resource:action"]))],
)
# With this dependency, every route under /users
# expects a JWT that can be authenticated with the JWKS from AWS Cognito.
```

If a request sent to this route contains the following in its **headers**:
```
{
    "Authorization" : "Bearer some.json.webtoken"
}
```
then the route first checks that the token is an authenticated one that comes from the AWS Cognito User Pool specified in the environment variable `COGNITO_POOL_ID`. In this specific example, the route also returns the JWT credentials as decoded from the JWT. This variable has the following structure:
```json
{
  "jwt_token": "the original JWT string",
  "header": {
    "kid": "NkMpoZmqv4UBEWkN/yCvN/W2rSFnHRswDa6PjiyAUuc=",
    "alg": "RS256"
  },
  "claims": {
    "sub": "ec108666-34f7-4224-9ba7-89afe5aa6202",
    "cognito:groups": [
      "DEVELOPER"
    ],
    "iss": "https://cognito-idp.us-east-2.amazonaws.com/us-east-2_JA8KShbIm",
    "version": 2,
    "client_id": "7hn1v7k92bq9thva39l0floorm",
    "token_use": "access",
    "scope": "aws.cognito.signin.user.admin openid profile",
    "auth_time": 1671202410,
    "exp": 1671206010,
    "iat": 1671202410,
    "jti": "7e97bdaf-b074-4bc4-931b-cb50d72482ea",
    "username": "username string"
  },
  "signature": "the jwt signature string",
  "message": "some string"
}
```

So there is a lot of information here about the user who sent the request, which you can later use to decide what is displayed in the client.

> ## Handle Resources

To check a user's permissions there is a class called `PermissionCheck`. This class depends on the authentication method, so adding it as a dependency to a route automatically checks both the JWT authentication and the user's permissions.

Every route in the API that depends on this class will be obliged to perform authentication with the JWT sent to it, and then search the database according to the groups that appear in the JWT's payload under `cognito:groups` for all the roles associated with this group.
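
The claim checks and the group-to-permission lookup described above, as an added sketch that is not the package's own code. It assumes the signature was already verified against the pool's JWKS, that every listed statement is required, and it uses hypothetical in-memory tables (`GROUP_ROLES`, `ROLE_STATEMENTS`) in place of the PostgreSQL lookup.

```python
import time

# Constructed sample: a subset of the "claims" object shown in the README.
SAMPLE_CLAIMS = {
    "cognito:groups": ["DEVELOPER"],
    "iss": "https://cognito-idp.us-east-2.amazonaws.com/us-east-2_JA8KShbIm",
    "token_use": "access",
    "exp": 1671206010,
}

# Hypothetical stand-ins for the PostgreSQL tables (the real schema is not shown).
GROUP_ROLES = {"DEVELOPER": ["api-reader"]}
ROLE_STATEMENTS = {"api-reader": {"resource:action"}}

def expected_issuer(region, pool_id):
    # Cognito user pool issuer URL, built from COGNITO_REGION and COGNITO_POOL_ID.
    return f"https://cognito-idp.{region}.amazonaws.com/{pool_id}"

def check_claims(claims, region, pool_id, now=None, token_use="access"):
    """Return None if the claims are acceptable, else a short reason string."""
    now = time.time() if now is None else now
    if claims.get("iss") != expected_issuer(region, pool_id):
        return "wrong issuer"
    if claims.get("token_use") != token_use:
        return "wrong token_use"
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or now >= exp:
        return "expired"
    return None

def allowed_statements(claims):
    # Union of statements over every role attached to the token's groups.
    statements = set()
    for group in claims.get("cognito:groups", []):
        for role in GROUP_ROLES.get(group, []):
            statements |= ROLE_STATEMENTS.get(role, set())
    return statements

def authorize(claims, required, region, pool_id, now=None):
    error = check_claims(claims, region, pool_id, now)
    if error:
        return False, error
    missing = set(required) - allowed_statements(claims)
    if missing:
        return False, "missing: " + ", ".join(sorted(missing))
    return True, "ok"
```

A token from a different pool, an ID token presented where an access token is expected, or a group with no matching role is rejected before the route body runs.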





            
